93 tests, 9 CMS: Orilyt becomes the universal website audit platform
WordPress, Drupal, Joomla, PrestaShop, Magento, TYPO3, OpenCart, Ghost, Grav — and every other website.
- 47 universal tests apply to every website — any CMS, static site, or custom build
- 46 CMS-specific tests cover 9 platforms: WordPress (9), Drupal (6), Joomla (6), PrestaShop (5), Magento (5), TYPO3 (4), OpenCart (4), Ghost (3), Grav (4)
- Hosted platforms (Shopify, Wix, Squarespace, Webflow) get a "Managed by platform" badge on tests users cannot control
Why multi-CMS matters
Most website audit tools only work with WordPress. That made sense when WordPress powered 65% of the CMS market. But your clients don't all use WordPress.
An agency managing 30 client sites might have 15 on WordPress, 5 on PrestaShop, 3 on Drupal, 2 on Shopify, and the rest on custom or static builds. Until now, you needed different tools — or skipped the audit entirely — for anything that wasn't WordPress.
Orilyt now handles all of them. One tool, one report format, one workflow — regardless of what powers the site.
47 universal tests for every website
The foundation of every Orilyt audit is a set of 47 tests that apply to any website, regardless of the technology behind it. These tests cover five categories:
- Performance — TTFB, page weight, image optimization, compression, caching headers
- Security — SSL/TLS configuration, security headers, mixed content, Safe Browsing status
- SEO — Meta title and description, heading structure, canonical URL, Open Graph, sitemap, robots.txt
- UX — Mobile friendliness, readability, accessibility basics, keyboard navigation, contrast
- Legal — Privacy policy, cookie consent, legal pages detection
Whether the site is a hand-coded HTML page, a React SPA, or a Magento store — these 47 tests run the same way and produce actionable findings.
CMS-specific tests: deeper security for each platform
Beyond the universal tests, Orilyt now runs targeted checks for 9 CMS platforms. Each set of tests looks for security misconfigurations, exposed files, and outdated components specific to that platform:
| CMS | Tests | What they check |
|---|---|---|
| WordPress | 9 | Version exposure, readme.html, install.php, XML-RPC, user enumeration, directory listing, plugin vulnerabilities, debug mode, REST API exposure |
| Drupal | 6 | CHANGELOG.txt exposure, settings.php access, update.php access, user registration status, Drupal version detection, admin path exposure |
| Joomla | 6 | Configuration.php exposure, administrator path, version detection, debug mode, directory listing, installation folder remnants |
| PrestaShop | 5 | Admin folder exposure, debug mode, version detection, default credentials page, install folder remnants |
| Magento | 5 | Admin panel path, downloader exposure, version detection, debug mode, server info leaks |
| TYPO3 | 4 | Typo3conf exposure, install tool access, version detection, debug output |
| OpenCart | 4 | Admin path exposure, version detection, install folder, error log exposure |
| Ghost | 3 | Ghost API exposure, version detection, default admin path |
| Grav | 4 | Admin panel exposure, version detection, user accounts folder, cache folder access |
| Total | 46 | + 47 universal = 93 |
The CMS is detected automatically — no configuration required. When Orilyt identifies the platform, the relevant tests appear in a dedicated section of the report, with the CMS icon and color for instant recognition.
Hosted platforms: the honest approach
Shopify, Wix, Squarespace, Webflow, BigCommerce, and Blogger are different. These platforms manage the server, the SSL certificate, the security headers, and the infrastructure. Your client cannot change most of these settings.
Rather than penalizing sites for things they cannot control, Orilyt marks 13 infrastructure tests with a "Managed by platform" badge. The test still runs and reports the result, but the score reflects that the responsibility lies with the platform — not the site owner.
This is the honest approach. A Shopify store owner shouldn't see a red flag for not having a custom server configuration. And the freelancer presenting the report shouldn't have to explain away false negatives.
How it works
The multi-CMS audit is fully automatic. Here is what happens when you enter a URL:
- CMS detection — Orilyt analyzes HTTP headers, meta tags, HTML patterns, and known file paths to identify the CMS (or detect a hosted platform)
- 47 universal tests run on every site, producing the core audit report
- CMS-specific tests activate based on the detected platform, adding a dedicated section to the report
- Hosted platform badges are applied automatically when a managed platform is detected
In the report, the CMS section appears with a dedicated icon and color for each platform — making it immediately clear what technology was detected and what was tested.
Both report modes are supported: the agency (technical) view with full details and code snippets, and the freelance (client-facing) view with plain-language explanations and visual scores.
One audit tool for every client
With 93 tests across 9 CMS platforms, Orilyt is no longer just a WordPress audit tool. It's a universal website audit platform that works on any site your clients throw at you.
No more switching between tools. No more skipping audits because the site isn't on WordPress. No more explaining why your audit tool doesn't cover PrestaShop or Drupal.
One URL, one click, one comprehensive report — in 4 languages, with white-label support, and ready to present to any client.